Kelly Jones wrote: > Spammers often spoof fake email addresses when sending email, eg > "[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>". It's > easy to tell this address is fake: > <snip> > > But this is network-intensive to do for *every* incoming email (and no > one supports "VRFY" anymore). Has someone compiled a list of "fake > addresses used by spammers"? AFAIK, that list would be HUGE. Most spammers are currently using random-name generators, or hybrid random/dictionary systems for generating names. Others are just using random addresses out of their database of people to spam. This stuff is mostly generated on the fly on a per-message basis using botnets.
The resulting database would contain billions of addresses, and would be obsolete almost instantaneously as spammers add new ones, or some of the previously invalid ones become registered. A more general method that would help with these is to attempt to detect forgeries by using SPF. While SPF isn't a general-purpose spam control tool (And anyone who thinks it is is likely to be disappointed, quickly), it is quite useful as an anti-forgery technology. For domains that have SPF records you'll quickly be able to determine they are forged and therefore likely to be spam or viruses. Admittedly this wouldn't have helped with the lycos.com example, it would help with other commonly faked domains such as hotmail. > > Something like what joewin.de <http://joewin.de>'s done for 419 > scammers and spamvertised > domains?: > > http://www.joewein.de/sw/bl-text.htm#urls >
